Ubuntu: How to set up a PPTP VPN server

# warning: this is not a script, it's a set of instructions.
# these steps create a pptp vpn server so all clients can reach all other clients.

##################### SERVER SIDE (UBUNTU SERVER 16.04+) ######################

sudo apt-get install pptpd
sudo update-rc.d pptpd defaults

# I had to use this on 16.04... it fixes autostart problem:
sudo systemctl enable pptpd

# edit file "/etc/pptpd.conf": example using nano:
sudo nano /etc/pptpd.conf

# add the following lines:
localip 10.20.0.1
remoteip 10.20.1.100-200
# 100 clients
# save it

# edit file "/etc/ppp/chap-secrets": example using nano:
sudo nano /etc/ppp/chap-secrets

# add all clients with fixed ip addresses
# (change user1, user2... and password1, password2,.. according to your preference):
user1 pptpd password1 10.20.1.100
user2 pptpd password2 10.20.1.101
user3 pptpd password3 10.20.1.200
# (and so on, one line per client)
# save it

# edit/add this line at "/etc/sysctl.conf":
net.ipv4.ip_forward = 1
# save change:
sudo sysctl -p

# Configure iptables for forwarding (let all clients see each other):
# (enp0s8 is the network interface used in this example)
sudo iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
sudo iptables -I INPUT -s 10.20.0.0/16 -i ppp0 -j ACCEPT
sudo iptables --append FORWARD --in-interface enp0s8 -j ACCEPT
# print the resulting rule set (iptables-save writes to stdout, not to disk):
sudo iptables-save

# restart your service:
sudo service pptpd restart

##################### CLIENT SIDE FOR UBUNTU SERVER ######################

# Start client side (Ubuntu Server (w/o GUI)):
#
# ============================================================
# 1) Configure pptp: (Change your <vpn server address>)
#    (in this example we named the provider as "pptpserver")
# ============================================================
sudo nano /etc/ppp/peers/pptpserver

# add the following lines:
pty "pptp <vpn server address> --nolaunchpppd"
lock
noauth
nobsdcomp
nodeflate
name server
password 13132828
remotename pptpserver
persist
maxfail 0
holdoff 5
require-mppe-128
# and save (ctrl-o ctrl-x)

# ==================================================================
# 2) Create config file for adding route automatically when startup:
#    this is necessary in order to not use vpn internet connection
#    (use same name of provider, in my case "pptpserver")
# ==================================================================
sudo nano /etc/ppp/ip-up.d/pptpserver

# add the following lines:
#!/bin/bash
# This script is called with the following arguments:
# Arg Name
# $1 Interface name
# $2 The tty
# $3 The link speed
# $4 Local IP number
# $5 Peer IP number
# $6 Optional ``ipparam'' value foo
route add -net 10.20.0.0 netmask 255.255.0.0 dev "$1"
# and save (ctrl-o ctrl-x)

#... then set execute permission:
sudo chmod +x /etc/ppp/ip-up.d/pptpserver

# ============================================================
# STARTUP CONNECTION
# ============================================================

# ------------------------------------
# 1) Manual startup:
# ------------------------------------
sudo pon pptpserver

# ------------------------------------
# 2) Auto startup on boot:
# ------------------------------------
#
# a) USING INTERFACES: Edit interfaces file:
#
sudo nano /etc/network/interfaces

# add the following lines to the end:
auto tunnel
iface tunnel inet ppp
provider pptpserver
# and save (ctrl-o ctrl-x)

# then restart networking:
sudo /etc/init.d/networking restart

#
# b) USING SERVICE SYSTEMCTL
#
sudo nano /etc/systemd/system/pppoe.service

# add these lines:
[Unit]
Description=PPPoE connection

[Service]
Type=oneshot
RemainAfterExit=true
ExecStart=/usr/bin/pon pptpserver
ExecStop=/usr/bin/poff -a

[Install]
WantedBy=default.target
# and save

# then change permissions:
sudo chmod +x /etc/systemd/system/pppoe.service

# then reload daemons:
sudo systemctl daemon-reload

# enable the unit so that systemd starts it at boot:
sudo systemctl enable pppoe
# and it will connect on boot.

# start:
sudo systemctl start pppoe

# stop:
sudo systemctl stop pppoe

This VPN server configuration is useful for creating a private network where all clients can see each other. For Ubuntu clients, the following VPN setting must be configured:
-> VPN -> Advanced -> check all MSCHAP

Here the gateway is not specified because I don't use the VPN to reach the internet.

If you don't want to send internet traffic through the VPN (just like me), then, after creating the connection, you must set the connection properties on each client so that the VPN is used only for local (VPN) resources:

==============================
Ubuntu desktop (Network Manager):
==============================

* VPN Network settings -> IPv4 settings -> Routes
1) Add address: 10.20.0.0, subnet mask: 255.255.0.0, gateway: 10.20.0.1, metric: 0
2) check only “Use this connection only for resources on its network”

===========================
Windows (depending on version):
===========================

* Double-click My Computer, and then click the Network and Dial-up Connections link.
* Right-click the VPN connection that you want to change, and then click Properties.
* Click the Networking tab, click Internet Protocol (TCP/IP) in the Components checked are used by this connection list, and then click Properties.
* Click Advanced, and then click to clear the Use default gateway on remote network check box.
* Click OK, click OK, and then click OK.
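
A check for the two server-side files edited above, added here as an example (it is not part of the original snippet): it reads the remoteip pool from pptpd.conf and flags chap-secrets entries whose fixed address is duplicated, outside the pool, or a "*" wildcard, and it tests that the file is mode 600, since the secrets are stored in clear text. The function names and the sample files are constructed for illustration.

```bash
#!/bin/bash
# Added example. All file contents here are constructed samples.

# Print "prefix low high" for the remoteip pool in a pptpd.conf,
# e.g. "remoteip 10.20.1.100-200" -> "10.20.1 100 200".
pool_from_conf() {
    awk '$1 == "remoteip" {
        split($2, o, "."); split(o[4], r, "-")   # o[4] is "100-200"
        print o[1] "." o[2] "." o[3], r[1], r[2]; exit
    }' "$1"
}

# Print one finding per line for a chap-secrets file (nothing if clean).
# Args: chap-secrets path, pool prefix, pool low, pool high.
audit_chap_secrets() {
    awk -v pfx="$2" -v lo="$3" -v hi="$4" '
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    NF < 4        { print "line " NR ": expected client server secret IP"; next }
    $2 != "pptpd" { print "line " NR ": server field is " $2 ", not pptpd" }
    $4 == "*"     { print "line " NR ": " $1 " may claim any address"; next }
    {
        n = split($4, o, ".")
        if (n != 4 || (o[1] "." o[2] "." o[3]) != pfx || o[4] + 0 < lo || o[4] + 0 > hi)
            print "line " NR ": " $4 " is outside the remoteip pool"
        if ($4 in seen) print "line " NR ": " $4 " already assigned to " seen[$4]
        else seen[$4] = $1
    }' "$1"
}

# The secrets are stored in clear text, so the file should be mode 600.
mode_is_private() { [ "$(stat -c %a "$1")" = "600" ]; }

# Demo on constructed files: a duplicate address, one outside the pool, a wildcard.
demo_dir=$(mktemp -d); trap 'rm -rf "$demo_dir"' EXIT
printf 'localip 10.20.0.1\nremoteip 10.20.1.100-200\n' > "$demo_dir/pptpd.conf"
cat > "$demo_dir/chap-secrets" <<'EOF'
# client server secret IP
user1 pptpd password1 10.20.1.100
user2 pptpd password2 10.20.1.100
user3 pptpd password3 10.20.2.5
user4 pptpd password4 *
EOF
chmod 644 "$demo_dir/chap-secrets"
set -- $(pool_from_conf "$demo_dir/pptpd.conf")
audit_chap_secrets "$demo_dir/chap-secrets" "$1" "$2" "$3"
mode_is_private "$demo_dir/chap-secrets" || echo "chap-secrets is not mode 600"
```

On the real server the same functions take /etc/pptpd.conf and /etc/ppp/chap-secrets as arguments and need to run as root to read the secrets file.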
